A step-by-step document may not be available, but this link has some info: https://collaborate.pega.com/question/single-sign-sso-personal-edition-v81. You will just have to go through that yourself - the general setup is fairly straightforward but you will have to struggle through if you are new to SAML (there are other links in the link above that can help you). Good luck!

Hi Vinod,

I have prepared a document to configure openAM with  prpc.Please find it in the attachment.It has total 16 steps.Hope it will resolve your issue.

Thanks,
Abhinav

Hi,

I have tried the implementing SSO document and I keep getting errors regarding the NameID (unable to do sso or federation, unable to generate NameID). I searched the web and came across references that the NameID format and value needed to be set up correctly. I also used wireshark to check the traffic between the two services and came across this:

<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"

But to no avail. I re-traced my steps several times, but I am at a dead end. Any help is appreciated.

Hi,

I had an issue with NameID format with openAM as well. 

When you export the metadata from PRPC you will see two NameID formats:

<ns2:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</ns2:NameIDFormat>

<ns2:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</ns2:NameIDFormat>

Note: Prior to 7.4 the nameid-format was just transient. As of 7.4 and newer it's the above two formats.

The import of the metadata from PRPC worked fine but at runtime OpenAM threw an exception that it couldn’t find the NameIDFormat  “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”.  I had to switch it at the IDP level, after metadata import, to use the old “urn:oasis:names:tc:SAML:2.0:nameid-format:transient”  format to resolve the issue

Hope this helps,

--Chris